Coalition Letter on Passenger Profiling

The Honorable Christopher Cox
Chairman
Select Committee on Homeland Security
United States House of Representatives
Washington, DC 20515

The Honorable Jim Turner
Ranking Member
Select Committee on Homeland Security
United States House of Representatives
Washington, DC 20515

Dear Chairman Cox and Ranking Member Turner:

We write as a nonpartisan coalition of national organizations to urge Congress to stop the deployment of the Transportation Security Administration's (TSA) second-generation airline passenger profiling system known as CAPPS II ("Computer Assisted Passenger Prescreening System") unless it can be shown to be both effective and consistent with privacy and due process principles. CAPPS II would attempt to assess the security risk of every single airline passenger based on commercial and government data. As a result, innocent people could be branded security risks on the basis of flawed data and without any meaningful way to challenge the government's determination. At a minimum, Congress should require the TSA to answer key questions about both the effectiveness of CAPPS II and its implications for privacy and civil liberties before the program is fully developed and TSA constructs the infrastructure for a general-purpose domestic risk assessment system.

In January, the TSA published a Federal Register notice announcing the Aviation Security Screening Records (ASSR) database. The Federal Register notice described a system that would allow the government access to "financial and transactional data" as well as virtually unlimited amounts and kinds of data from other proprietary and public sources. TSA also indicated in that notice that many private and public entities might gain access to the personal information used in the ASSR database. Yet the notice did not provide information about how passengers can challenge their "score" or otherwise seek redress for their treatment at airports if they think it is based on inaccurate information. Over 100 individuals and organizations filed comments on the ASSR database that were almost universally critical of the program.

TSA plans to revise the Federal Register notice to more specifically reflect the evolving nature and scope of CAPPS II and the agency has begun a series of meetings with privacy organizations, industry groups and other stakeholders to explain the program in more detail.

In the past few weeks, TSA officials have clarified the basic structure of CAPPS II. First, TSA officials said the program would gather only four pieces of information about each passenger from the airlines: full name, home address, home phone number and date of birth. That information would then be checked against "credit header" information and other data held by various data aggregators - private corporations that maintain files on the commercial activities of most American citizens - in an effort to verify the traveler's identity. However, credit header information can be inaccurate and identity thieves could easily sidestep the identity check by presenting a false driver's license or passport, undercutting the system's entire mission, which is why we believe that effectiveness is a threshold issue.

After attempting to verify identity, CAPPS II would conduct a check against government databases (including intelligence and law enforcement databases) to assign a risk assessment "score" to each passenger: green for minimal, yellow to spark heightened security procedures, and red for those judged to pose an acute danger, who would be referred to law enforcement. The good news is TSA does not plan to retain data on individuals. The bad news is that CAPPS II puts the riskiest element of the program - the determination of risk and the construction of rules for conducting background checks - into the realm of the more secretive intelligence and law enforcement programs and databases. We appreciate that TSA plans to develop some mechanism for individuals to request a re-evaluation of their color code but it now appears that CAPPS II is rooted in the secretive box of law enforcement and intelligence data (which itself could include data mined from innocent people's commercial information). This heightens the concern that the program will be beyond meaningful public review and oversight.

Although the TSA's recent outreach to stakeholders is welcome, Congress should not allow the TSA to develop unilaterally a tool that could invade individual privacy and brand innocent airline passengers a security risk without meaningful review.

Congress should carefully and deliberately assess the program's effectiveness as a security measure, its cost in economic terms, and its cost to civil liberties before allowing TSA to move forward with CAPPS II. To start, Congress should ask TSA the following questions:

Effectiveness of the Program

How will the CAPPS II program work? What information will be examined about passengers? From where will the data be collected? Who will handle the data? How will the risk assessment be made? Under what circumstances would a passenger be prevented from flying? What risk levels will be assigned (e.g. red, yellow, and green) and what will be the consequence to the passenger of each level?

Has CAPPS II (or any of its component programs) been evaluated or have any determinations been made as to effectiveness or feasibility as an air security measure? If so, what are the results of these evaluations or feasibility studies?

What is the presumed error rate of the underlying data (in both government and commercial databases)? How would error rates affect the "scoring" of airline passengers?

What is the presumed error rate of the algorithm used to determine a passenger "score"?

What is now being tested by Delta Airlines? Is this simply a test of whether reservation information could be used in a CAPPS program or is some version of CAPPS II with the assignment of risk scores or other actual screening of passengers taking place?

Privacy of Personal Information

What passenger data will be retained and by whom - the government or a private contractor? (The answer may vary for different sets of data and at different points in the system.)

What internal oversight mechanisms would be in place for either government or commercial databases used for CAPPS II (e.g. data quality standards, audit controls, ombudsman or complaint process)?

What external oversight mechanisms would be in place for these same databases (e.g. judicial review)?

How could CAPPS II be used by law enforcement, intelligence, and other federal, state, or local government agencies? What specific agencies have expressed interest in the program to date? For what activities?

In the view of the government, what laws govern the use and unauthorized use or collection of the data to be used in CAPPS II?

What private entities could gain access to the personal information used by TSA or to the risk assessment (either the actual "score" or fact of the color code)? For what purposes? What limitations would there be on third party use of that information?

Air passengers' "Risk Assessment"

Who or what would conduct the so-called "risk assessments"?

How would passengers challenge their "score" - or even find out what it is? What procedures would be in place for passengers to correct or challenge a "risk assessment"? What rights would an individual have at the airport to remedy the assessment?

Cost of CAPPS II

What would be the cost of developing and initially implementing the program including personnel, technology, and oversight mechanisms to federal, state and local governments and private industry? What would be the ongoing costs of the program?

What private contractors, including private industry and academic researchers, have received funding for research, development and implementation of CAPPS II to date? How much?

It is important that Congress exercise its oversight role and start asking questions about CAPPS II now, because the project is moving ahead with a pilot program at Delta Air Lines. And air travelers are worried about CAPPS II; according to The New York Times, in a recent survey conducted by the Association of Corporate Travel Executives, 82 percent of respondents considered the program an invasion of privacy.

Thank you for your consideration of this matter.

Sincerely,

American Civil Liberties Union
American Conservative Union
American Defense Council
Americans for Tax Reform
Center for Democracy and Technology
Christian Coalition
Eagle Forum
Electronic Frontier Foundation
Electronic Privacy Information Center
Free Congress Foundation
People for the American Way